In today’s cloud-based environments, security threats can move faster and do more damage than ever before. To avoid a financial and technological repercussions, companies must be proactive with their security strategies and have the ability to act fast.

A common approach is to “over-secure” company systems, but this can unnecessarily limit employee access to important tools and hinder productivity. Alternatively, those who know security well realize that if you offer employees too much access, it can open your business to security vulnerabilities.

A better approach centers on striking the right balance between security and practicality, and the way companies can achieve this is by working backwards from the ideal security scenario to formulate their strategy.

It’s an issue that most security teams struggle with, but not many have a good solution. When there’s an ample supply, security is strong, but when insufficient, it puts a strain on the entire organization. We’re talking about people.

As companies grow, security becomes more and more important, but what if you don’t have enough people to fill the seats? It’s no secret we’re facing a talent shortage of epidemic proportions. According to PWC, there will be 1.5 million cyber security job openings by 2019, and the talent market is not expected to catch up any time soon. But this does not mean companies can simply put off security until the talent market catches up (because by all estimates, they’ll be waiting a long time). So how can companies solve for this? Consider the following three key approaches:Read more “The Biggest Issue Security Teams Have Today (And 3 Ways to Solve It)”

It’s difficult to quantify the money saved by preventing a cyber attack that never happened. This is why proving the ROI of security measures can be tricky and can sometimes make security feel more like a cost-center than an investment.

In truth, being a great security organization is a competitive advantage. It’s both a sales driver and a compliance linchpin. It’s not simply a cost of doing business. In fact, it can really give you a leg up, particularly when selling to customers with HIPAA, SOC 2, ISO27000, or other compliance requirements.

Shadow IT has emerged in recent years due to misaligned objectives among teams and the fluid nature of DevOps. We’ve written before that although it may achieve short-term goals for the business units it serves, Shadow IT is detrimental for the long-term stability of organizations, and despite its good intentions, puts companies at greater security risk.

Some organizations are especially successful when it comes to security preparedness. In the webinar, we discussed what makes the strongest teams stand out. It boils down to their unique approaches to people, processes, and technology and how theses elements are bound together by a common set of goals.

There’s a lot of talk in the business world — especially the software-driven side of it — about achieving and maintaining velocity. The ability to continuously release new code can be the difference between winning and losing.

But as Threat Stack’s CSO, Sam Bisbee, recently pointed out in InfoSecurity magazine, “The market’s investment in services and tools to automate business processes without incurring heavy maintenance costs has outpaced investment in the methods to secure them.” Sometimes we forget that, if security can’t keep up, it won’t matter how fast you get that new app out there. You’ll eventually be faced with a mountain of security-related headaches — or at least the stress of increased risk.Read more “Velocity and Security: 5 Posts to Help You Get Security Up to Speed”

It was 8:00 a.m. when AWS CEO Andy Jassy took to the stage to offer up the latest AWS news and announcements. And offer up he did. To my recollection, the number of services announced today dwarfed anything unveiled at any previous AWS re:Invent show. (To see the ever-growing list of services debuted this year, head over to the AWS blog.)

The sheer number of new services blew away all expectations. Not only did Amazon announce new compute instances and enhancements to some of their existing services, but the big news was their flurry of announcements about new services that continue down the path of Serverless and Machine Learning.